Troubleshooting Slow Boot issues after installation of Endpoint Encryption Full Disk.

book

Article ID: 177559

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

A customer is complaining that their hardware is taking significantly longer to boot since the installation of SEE.

Cause

A delay in booting after installing SEE is normal and expected due to the filter drivers loading for on-the-fly decryption of the file system. The length of the delay depends on the level of encryption and the power of the machine in question. Generally, new versions of SEE have improved boot times over older versions as the code is constantly being tweaked to improve performance as the product evolves.

Resolution

While it is possible to improve the boot time, there are limits to what can be done based on the power of the system and natural overhead incurred by encryption. However, positive results can often be achieved by tidying up the operating system and removing or disabling unnecessary or conflicting applications.

The following steps may improve the boot time:

  1. Test disabling superfluous services or applications that load at boot time using Msconfig. Take care not to disable any Symantec or EAFR services. Consider permanently disabling any processes or services that show improvements in the boot time. If that is not feasible, report them to Symantec for investigation for possible conflict with SEE.
  2. Make sure that the disk is defragmented and does not contain unflagged bad blocks. Run "Chkdsk /f /R" and a Defragmentation tool.
  3. If SEP is present, disable Proactive Threat Protection to see if boot time is improved. Report any improvements that this may give.
  4. Change the value of the following key: HKLM\System\CurrentControlSet\Services\EAFRCliManager\Group from 'NetworkProvider' to 'UIGroup'. Backup the registry before doing any changes in it.
  5. Installations of VMWare may conflict with SEE-FD and SEE-RS as both applications will request direct access to system resources.
  6. Clearing the prefetch folder may help with boot speed.
  7. Remove Rootkit detection programs if installed.

If after following these steps, an unusually long delay is still occuring, obtain the following for Symantec Support personnel:

  1. If using SSO, manually time how long the system takes to boot to the SEE Pre-OS Ctrl-Alt-Del screen.
  2. Get a clear comparison of boot times before and after installation of SEE. Use one of the following utilities:
    1. Bootvis - gives a simple graphical output - XP only.
    2. Process monitor: gives a very detailed log, but does not clearly delineate the end of the boot process. Manually time the boot process with SEE installed and uninstalled.
  3. Find out the level of encryption on the disk - 128 or 256 bit?
  4. Get a PFE log or Msinfo32 output in NFO format.